[SECURITY] Fedora 43 Update: python-urllib3-2.7.0-2.fc43

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =E2=80=A2 Thread safety. =E2=80=A2 Connection pooling. =E2=80=A2 Client-side SSL/TLS verification. =E2=80=A2 File uploads with multipart encoding...

CVE-2026-48066

pam_usb fixes a thread-unsafe behavior: before 0.9.1, src/log.c used a process-wide static pointer written on every PAM invocation to a stack-local address, creating a data race when PAM is invoked concurrently by multiple threads. The issue is resolved in version 0.9.1. Affected component: pam_u...

CVE-2026-44608 Use after free and crash under special conditions in RPZ code

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

Astra Linux - уязвимость в firefox, thunderbird

Freeing arbitrary nsIInputStream's on a thread other than the one in which they were created could lead to a use-after-free, potentially causing a crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

[SECURITY] Fedora 44 Update: python-urllib3-2.7.0-1.fc44

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =E2=80=A2 Thread safety. =E2=80=A2 Connection pooling. =E2=80=A2 Client-side SSL/TLS verification. =E2=80=A2 File uploads with multipart encoding...

CVE-2026-43484

The CVE-2026-43484 entry concerns the Linux kernel MMC core. The vulnerability stems from a shared word between host->claimed and retune flags in the MMC host data, where writes to claimed (in __mmc_claim_host()) or retune_now (in mmc_mq_queue_rq()) could overwrite adjacent bits during concurr...

CVE-2026-43358

A flaw was found in the Linux kernel's btrfs filesystem. A missing Read-Copy Update RCU unlock in an error path within the tryreleasesubpageextentbuffer function could lead to system instability. This issue, identified by a thread-safety analyzer, may result in a denial of service condition,...

CVE-2026-43358

CVE-2026-43358 affects the Linux kernel's btrfs filesystem. The vulnerability is a missing RCU unlock in the error path of try_release_subpage_extent_buffer(), where rcu_read_lock() should be held before exiting the loop because an rcu_read_unlock() occurs past the loop. The issue was identified ...

JLSEC-2026-427 When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in...

When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

Astra Linux - уязвимость в curl

When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

Astra Linux - уязвимость в firefox, thunderbird

The concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a “use-after-free” condition, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

[SECURITY] Fedora 44 Update: dtk6log-6.7.32-3.fc44

Simple, convenient and thread safe logger for Qt-based C++ apps...

K000160935: Curl vulnerability CVE-2025-14017

Security Advisory Description When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific...

freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event

A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...

CVE-2026-23420

A flaw was found in the Linux kernel's wlcore Wi-Fi driver. This vulnerability involves an improper handling of a locking mechanism, specifically the wl-mutex. This can lead to system instability or unexpected behavior. The issue was identified by a thread-safety analyzer. Mitigation To mitigate...

EUVD-2026-18637

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl-mutex is locked before it is unlocked. This has been detected by the Clang thread-safety analyzer...

UBUNTU-CVE-2026-23420

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl-mutex is locked before it is unlocked. This has been detected by the Clang thread-safety analyzer...

CVE-2026-23420

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl-mutex is locked before it is unlocked. This has been detected by the Clang thread-safety analyzer...

CVE-2026-23420

CVE-2026-23420 affects the Linux kernel wlcore Wi‑Fi driver. The issue is a locking-order bug where wl->mutex could be unlocked without being held, as identified by a Clang thread-safety analyzer. This is associated with potential synchronization instability; patches exist in Rootio‑Linux pack...

curl: Use-After-Free race condition in url_move_hostname() via shared connection pool

Summary: In lib/url.c, urlconnreuseadjust calls urlmovehostname which frees conn-host.rawalloc and conn-host.encalloc via Curlsafefree and Curlfreeidnconvertedhostname after Curlcpoolfind has already released the connection pool lock. A second thread doing a concurrent pool lookup still holds tha...